/*
 * Function: kadm5_destroy
 *
 * Purpose: tear down a client-side kadm5 handle and everything it owns.
 *
 * Arguments:   server_handle   (r) handle to release; validated by
 *                                  CHECK_HANDLE before anything is freed
 *
 * Returns: KADM5_OK, or the error from krb5_cc_resolve/krb5_cc_destroy
 *          when the credential cache could not be destroyed.  A cache
 *          failure does not stop the teardown: the RPC client, socket,
 *          config parameters and the handle itself are released anyway.
 */
kadm5_ret_t
kadm5_destroy(void *server_handle)
{
    kadm5_server_handle_t handle = (kadm5_server_handle_t) server_handle;
    krb5_ccache ccache = NULL;
    int code = KADM5_OK;

    /* NOTE(review): presumably returns early on a bad handle; the macro
     * definition is not visible here. */
    CHECK_HANDLE(server_handle);

    /* The credential cache is destroyed only when the handle was marked
     * as owning it (destroy_cache); otherwise only the name is freed. */
    if (handle->destroy_cache && handle->cache_name != NULL) {
        code = krb5_cc_resolve(handle->context, handle->cache_name, &ccache);
        if (code == 0)
            code = krb5_cc_destroy(handle->context, ccache);
    }
    if (handle->cache_name != NULL)
        free(handle->cache_name);

    /* Auth handle first, then the RPC client it hangs off. */
    if (handle->clnt != NULL) {
        if (handle->clnt->cl_auth != NULL)
            AUTH_DESTROY(handle->clnt->cl_auth);
        clnt_destroy(handle->clnt);
    }

    if (handle->client_socket != -1)
        close(handle->client_socket);

    if (handle->lhandle != NULL)
        free(handle->lhandle);

    kadm5_free_config_params(handle->context, &handle->params);

    /* Clear the magic before freeing -- presumably so that a stale
     * pointer fails CHECK_HANDLE rather than passing as a live handle;
     * confirm against the macro. */
    handle->magic_number = 0;
    free(handle);

    return code;
}
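/*
 * Function: kadm5_create
 *
 * Purpose: create admin principals in KDC database
 *
 * Arguments:   params  (r) configuration parameters to use
 *
 * Effects:  Creates KADM5_ADMIN_SERVICE and KADM5_CHANGEPW_SERVICE
 *           principals in the KDC database and sets their attributes
 *           appropriately.
 *
 * Returns:  1 if the Kerberos configuration cannot be read; otherwise
 *           the result of kadm5_create_magic_princs.  Terminates the
 *           process with exit(ERR) if no krb5 context can be created.
 */
int kadm5_create(kadm5_config_params *params)
{
    int retval;
    krb5_context context;
    kadm5_config_params lparams;

    if ((retval = kadm5_init_krb5_context(&context)))
        exit(ERR);

    /*
     * The lock file has to exist before calling kadm5_init, but
     * params->admin_lockfile may not be set yet...
     */
    if ((retval = kadm5_get_config_params(context, 1, params, &lparams))) {
        com_err(progname, retval,
                "while looking up the Kerberos configuration");
        /* Release the context on this path too; it was previously leaked. */
        krb5_free_context(context);
        return 1;
    }

    retval = kadm5_create_magic_princs(&lparams, context);

    kadm5_free_config_params(context, &lparams);
    krb5_free_context(context);

    return retval;
}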
/*
 * Release a RUBY_KADM5_CONFIG wrapper: the kadm5 config parameters it
 * embeds, its krb5 context (when one was created), and the wrapper
 * itself.  A NULL pointer is accepted and ignored.
 */
static void rkadm5_config_free(RUBY_KADM5_CONFIG* ptr){
  if(ptr != NULL){
    /* Called even when ptr->ctx is NULL, exactly as before. */
    kadm5_free_config_params(ptr->ctx, &ptr->config);

    if(ptr->ctx != NULL)
      krb5_free_context(ptr->ctx);

    free(ptr);
  }
}
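/*
 * Function: init_any
 *
 * Purpose: build a client-side kadm5 handle: read the configuration,
 *          obtain credentials, connect to the admin server over TCP,
 *          set up GSS-API authentication on the RPC client and (unless
 *          the iprop service was selected) negotiate the wire API
 *          version with init_2.
 *
 * Arguments:
 *      context         (r) krb5 context stored in the handle
 *      client_name     (r) client principal name; must not be NULL
 *      init_type       (r) how credentials are obtained; forwarded to
 *                          get_init_creds
 *      pass            (r) password, forwarded to get_init_creds; not
 *                          copied or stored by this function
 *      ccache_in       (r) credential cache, forwarded to get_init_creds
 *      service_name    (r) service principal name; may be NULL
 *      params_in       (r) caller-supplied configuration parameters
 *      struct_version  (r) structure version recorded in the handle
 *      api_version     (r) API version recorded in the handle
 *      db_args         (r) not referenced in this function
 *      server_handle   (w) receives the new handle on success only
 *
 * Returns: 0 on success.  EINVAL if server_handle or client_name is
 *          NULL, ENOMEM on allocation failure,
 *          KADM5_MISSING_KRB5_CONF_PARAMS if realm, admin server or
 *          kadmind port is not configured, KADM5_RPC_ERROR if the RPC
 *          client cannot be created or init_2 returns no reply, or the
 *          error code of whichever helper failed.
 *
 * On every failure path below the handle, its lhandle shadow copy and
 * any configuration parameters already read are released; previously
 * lhandle (and, on the REQUIRED_PARAMS path, the parameters) leaked.
 */
static kadm5_ret_t
init_any(krb5_context context, char *client_name, enum init_type init_type,
         char *pass, krb5_ccache ccache_in, char *service_name,
         kadm5_config_params *params_in, krb5_ui_4 struct_version,
         krb5_ui_4 api_version, char **db_args, void **server_handle)
{
    int fd = -1;
    krb5_boolean iprop_enable;
    int port;
    rpcprog_t rpc_prog;
    rpcvers_t rpc_vers;
    krb5_ccache ccache;
    krb5_principal client = NULL, server = NULL;
    kadm5_server_handle_t handle;
    kadm5_config_params params_local;
    int code = 0;
    generic_ret *r;

    initialize_ovk_error_table();
    /* initialize_adb_error_table(); */
    initialize_ovku_error_table();

    if (! server_handle) {
        return EINVAL;
    }

    if (! (handle = malloc(sizeof(*handle)))) {
        return ENOMEM;
    }
    memset(handle, 0, sizeof(*handle));
    if (! (handle->lhandle = malloc(sizeof(*handle)))) {
        free(handle);
        return ENOMEM;
    }

    handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
    handle->struct_version = struct_version;
    handle->api_version = api_version;
    handle->clnt = 0;
    handle->client_socket = -1;
    handle->cache_name = 0;
    handle->destroy_cache = 0;
    handle->context = 0;

    /* lhandle is a shadow copy pinned to the library's own API and
     * struct versions; it points at itself rather than at handle. */
    *handle->lhandle = *handle;
    handle->lhandle->api_version = KADM5_API_VERSION_4;
    handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
    handle->lhandle->lhandle = handle->lhandle;

    handle->context = context;

    if (client_name == NULL) {
        free(handle->lhandle);
        free(handle);
        return EINVAL;
    }

    /*
     * Verify the version numbers before proceeding; we can't use
     * CHECK_HANDLE because not all fields are set yet.
     *
     * NOTE(review): if this macro returns on a version mismatch (its
     * definition is not visible here), handle and handle->lhandle are
     * not released on that path -- confirm and fix at the macro site.
     */
    GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION,
                         KADM5_NEW_LIB_API_VERSION);

    memset(&params_local, 0, sizeof(params_local));

    if ((code = kadm5_get_config_params(handle->context, 0,
                                        params_in, &handle->params))) {
        free(handle->lhandle);
        free(handle);
        return(code);
    }

#define REQUIRED_PARAMS (KADM5_CONFIG_REALM |           \
                         KADM5_CONFIG_ADMIN_SERVER |    \
                         KADM5_CONFIG_KADMIND_PORT)

    if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
        /* The parameters were read successfully above, so release
         * them here just as the error path further down does. */
        kadm5_free_config_params(handle->context, &handle->params);
        free(handle->lhandle);
        free(handle);
        return KADM5_MISSING_KRB5_CONF_PARAMS;
    }

    code = krb5_parse_name(handle->context, client_name, &client);
    if (code)
        goto error;

    /*
     * Get credentials.  Also does some fallbacks in case kadmin/fqdn
     * principal doesn't exist.
     */
    code = get_init_creds(handle, client, init_type, pass, ccache_in,
                          service_name, handle->params.realm, &server);
    if (code)
        goto error;

    /*
     * If the service_name and client_name are iprop-centric, use the
     * iprop port and RPC identifiers.
     *
     * NOTE(review): this is a substring test.  Any service/client name
     * pair that merely contains KIPROP_SVC_NAME selects the iprop port
     * and RPC program and, further down, skips the init_2 version
     * negotiation.  Confirm that a substring match, rather than a
     * comparison of the principal's first component, is intended.
     */
    iprop_enable = (service_name != NULL &&
                    strstr(service_name, KIPROP_SVC_NAME) != NULL &&
                    strstr(client_name, KIPROP_SVC_NAME) != NULL);
    if (iprop_enable) {
        port = handle->params.iprop_port;
        rpc_prog = KRB5_IPROP_PROG;
        rpc_vers = KRB5_IPROP_VERS;
    } else {
        port = handle->params.kadmind_port;
        rpc_prog = KADM;
        rpc_vers = KADMVERS;
    }

    code = connect_to_server(handle->params.admin_server, port, &fd);
    if (code)
        goto error;

    handle->clnt = clnttcp_create(NULL, rpc_prog, rpc_vers, &fd, 0, 0);
    if (handle->clnt == NULL) {
        code = KADM5_RPC_ERROR;
#ifdef DEBUG
        clnt_pcreateerror("clnttcp_create");
#endif
        goto error;
    }
    handle->client_socket = fd;
    handle->lhandle->clnt = handle->clnt;
    handle->lhandle->client_socket = fd;

    /* now that handle->clnt is set, we can check the handle */
    if ((code = _kadm5_check_handle((void *) handle)))
        goto error;

    /*
     * The RPC connection is open; establish the GSS-API
     * authentication context.
     */
    code = setup_gss(handle, params_in,
                     (init_type == INIT_CREDS) ? client : NULL, server);
    if (code)
        goto error;

    /*
     * Bypass the remainder of the code and return straightaway
     * if the gss service requested is kiprop
     */
    if (iprop_enable) {
        code = 0;
        *server_handle = (void *) handle;
        goto cleanup;
    }

    r = init_2(&handle->api_version, handle->clnt);
    if (r == NULL) {
        code = KADM5_RPC_ERROR;
#ifdef DEBUG
        clnt_perror(handle->clnt, "init_2 null resp");
#endif
        goto error;
    }

    /*
     * The two fallbacks below are driven by the server's reply code,
     * so the server decides how far the wire protocol version drops.
     * NOTE(review): whether that reply is integrity-protected depends
     * on the auth handle installed by setup_gss, which is not visible
     * here.
     */

    /* Drop down to v3 wire protocol if server does not support v4 */
    if (r->code == KADM5_NEW_SERVER_API_VERSION &&
        handle->api_version == KADM5_API_VERSION_4) {
        handle->api_version = KADM5_API_VERSION_3;
        r = init_2(&handle->api_version, handle->clnt);
        if (r == NULL) {
            code = KADM5_RPC_ERROR;
            goto error;
        }
    }
    /* Drop down to v2 wire protocol if server does not support v3 */
    if (r->code == KADM5_NEW_SERVER_API_VERSION &&
        handle->api_version == KADM5_API_VERSION_3) {
        handle->api_version = KADM5_API_VERSION_2;
        r = init_2(&handle->api_version, handle->clnt);
        if (r == NULL) {
            code = KADM5_RPC_ERROR;
            goto error;
        }
    }
    if (r->code) {
        code = r->code;
        goto error;
    }

    *server_handle = (void *) handle;

    goto cleanup;

error:
    /*
     * Note that it is illegal for this code to execute if "handle"
     * has not been allocated and initialized.  I.e., don't use "goto
     * error" before the block of code at the top of the function
     * that allocates and initializes "handle".
     */
    if (handle->destroy_cache && handle->cache_name) {
        if (krb5_cc_resolve(handle->context,
                            handle->cache_name, &ccache) == 0)
            (void) krb5_cc_destroy (handle->context, ccache);
    }
    if (handle->cache_name)
        free(handle->cache_name);
    if (handle->clnt && handle->clnt->cl_auth)
        AUTH_DESTROY(handle->clnt->cl_auth);
    if (handle->clnt)
        clnt_destroy(handle->clnt);
    /* fd was opened by connect_to_server and handed to clnttcp_create,
     * so it is closed here explicitly. */
    if (fd != -1)
        close(fd);

    kadm5_free_config_params(handle->context, &handle->params);

cleanup:
    krb5_free_principal(handle->context, client);
    krb5_free_principal(handle->context, server);
    if (code) {
        /* kadm5_destroy frees lhandle for a live handle; on failure the
         * caller never sees the handle, so release it here. */
        free(handle->lhandle);
        free(handle);
    }

    return code;
}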